Adaptive authentication (AA) involves computation of risk scores to authenticate users. Each risk score is a numerical measurement of risk, i.e., the likelihood that a particular user attempting to authenticate is not authentic. If the risk score is less than a predetermine threshold, authentication is considered successful and the user is considered legitimate. However, if the risk score is higher than the predetermine threshold, authentication is considered unsuccessful and a subsequent authentication action may be taken, e.g., the user may try to re-authenticate, the user may be challenged for a stronger form of authentication, and so on. Such activity may generate security alerts for evaluation from a human expert.
Security Information and Event Management (SIEM) refers to a security service which involves providing real-time analysis of security alerts. In particular, the SIEM service gathers, analyzes and presents security alert information to a team of expert humans which is responsible for monitoring and managing resources on a computer network.